
SQL Injection against Cosmos DB in an Azure Function

Updated: 2023-02-14 09:15:20

When the binding occurs (the data from the HTTP Trigger gets sent to the Cosmos DB Input bind), it is passed through a SQLParameterCollection that will handle sanitization.

See this article:

Parameterized SQL provides robust handling and escaping of user input, preventing accidental exposure of data through "SQL injection"

This will cover any attempt to inject SQL through the name property.
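
A simplified model of the behaviour the answer describes, added here as an example; it is not the Azure Functions runtime's code or code from the original answer. The helpers toQuerySpec and concatQuery, the query template and the input values are assumptions made for illustration; the returned object follows the Cosmos DB SDK's { query, parameters: [{ name, value }] } query spec shape.

```javascript
// Hypothetical helper: turn a binding-style query template into a
// parameterized query spec. Each {token} becomes an @token placeholder and
// the trigger value travels separately as data, never as query text.
function toQuerySpec(template, bindingData) {
  const parameters = [];
  const query = template.replace(/\{(\w+)\}/g, (_, key) => {
    if (!Object.prototype.hasOwnProperty.call(bindingData, key)) {
      throw new Error(`no binding data for {${key}}`);
    }
    const name = `@${key}`;
    if (!parameters.some((p) => p.name === name)) {
      parameters.push({ name, value: bindingData[key] });
    }
    return name;
  });
  return { query, parameters };
}

// Hypothetical counter-example: the pattern to avoid in hand-written
// function code, where the input is spliced into the query text itself.
function concatQuery(name) {
  return `SELECT * FROM c WHERE c.name = '${name}'`;
}

// Constructed sample inputs (assumed template and values).
const template = "SELECT * FROM c WHERE c.name = {name}";
const benignInput = "alice";
const hostileInput = "x' OR '1'='1";

const benignSpec = toQuerySpec(template, { name: benignInput });
const hostileSpec = toQuerySpec(template, { name: hostileInput });

// Parameterized: the query text is identical for both inputs, and the
// hostile string is only ever compared against c.name as a literal value.
console.log(benignSpec.query === hostileSpec.query, hostileSpec);

// Concatenated: the same input changes the structure of the WHERE clause.
console.log(concatQuery(hostileInput));
```
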